Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.
ID fraud prevention requires partnership, and according to Javelin, the future of fraud-detection should be built around integrating a bank's back-end solutions with the fraud-prevention and detection solutions in which consumers are already investing.
Online security has come a long way in recent years, but so have phishing attacks. As the Epsilon e-mail breach proves, fraudsters are honing their attacks through the acquisition detailed e-mail profiles and sensitive information connections, says ID security expert Tim Rohrbaugh.
"The phishing only works if the consumer participates; they have to click on something; they have to open something," says Neal O'Farrell of the Identity Theft Council. "So, based on that assumption, shouldn't we be doing more to educate them?"
Key questions: What impact - if any - will the recent RSA and Epsilon data breaches have on the FFIEC's pending authentication update? And when will this long-awaited banking guidance finally be released?
A preliminary draft of new online authentication guidance from the Federal Financial Institutions Examination Council puts greater responsibility on the shoulders of financial institutions to enhance security.
NACHA's CEO says ACH-related fraud is often over-hyped, and occurs far less often than check- and payment card-related fraud. But when corporate accounts are breached, fraudulent ACH transactions lead to big financial losses.